
Computer will not boot / may be infected


12 replies to this topic

#1 mcomp72


Posted 03 August 2016 - 04:05 AM

I downloaded an .exe file off the internet tonight, but before installing it, I ran a check with Avira Antivirus, and it said it was clean.  However, I am now suspecting that it was NOT actually clean, and caused the problem I will describe below.

 

My computer will not boot up.  At first it would just show a blank screen with a small smiley face at the bottom of the screen, near the left corner.  I rebooted with my Windows 10 USB stick, and ran Startup Repair.  That did not fix the problem, but the smiley face no longer shows up.  Now I just see the cursor dance around the screen for a couple of seconds, and then it launches the BIOS.

 

I have been unable to boot into Safe Mode from my C drive (which is an SSD).

 

I have also tried:

 

- AVG Anti-virus Recovery USB (same as CD) -- it would not complete a scan of my computer.  It would hang at a certain point; I have no idea why.

 

- Avira Recovery USB (same as CD) -- it said it could not detect any hard drives in my system.

 

- Hiren's Boot CD (on USB stick) -- none of the anti-virus programs would run.  I forget the exact message it gave me, but it essentially was saying it could not find them.  However, I was able to get a Windows Boot Manager screen to come up using this Boot CD (I forget how exactly), and it said that "The Boot Configuration Data for your PC is missing or contains errors."  (I took a photo of the monitor when this message was up and can post it, if that would be helpful.)

 

I have Acronis True Image 2016 make an incremental backup each night, so in theory I should be able to recover my C drive from the previous night's backup.  However, unfortunately when I run the Acronis Recovery program from a USB drive, it cannot see either of my internal drives.  (My backups are on my D drive, which is an internal drive.)

 

One thing I CAN do is get into the Command Prompt by launching Windows 10 from the USB drive.  I go into "Repair Windows" and then Advanced, and Command Prompt is one of the options.  I can see both of my internal hard drives this way, so I know they can both be seen.  I am not sure why Acronis & Avira do not see them.

 

I am at a loss as to what to do now.  Does anyone have any suggestions?

 




 


#2 JohnC_21


Posted 03 August 2016 - 08:52 AM

Did you create the Linux-based bootable media or the WinPE version? If Linux, I would create a WinPE version on another computer, or if you created a WinPE version, try the Linux version.

 

https://kb.acronis.com/content/56610

 

I am not familiar with Acronis, but if it allows you to start an image recovery in Windows, you could reinstall Windows 10 to a clean drive and then restore your image from within Windows, where it should be able to detect your internal drives.

 

Edit: you could also recover your images from the internal drive to an external drive using a Linux-based disk or USB flash drive. Then verify the image on another computer with Acronis.


Edited by JohnC_21, 03 August 2016 - 08:54 AM.


#3 mcomp72


Posted 03 August 2016 - 01:59 PM

I believe the Acronis Recovery version I have is WinPE.  I looked on their website, and it sounds like I would need to go through a lot of steps that I don't understand in order to create a new one with drivers for my drives.

 

I also tried to repair the drive using Windows 10, so I could then reinstall Acronis and then restore the backup.  The Reset function on Windows 10 would not work.  It gave me the following error: Unable to reset your PC.  A required drive partition is missing.



#4 Grinler

Grinler

    Lawrence Abrams



Posted 03 August 2016 - 02:02 PM

Any chance you installed Audacity or Classic Shell last night?



#5 mcomp72


Posted 03 August 2016 - 02:48 PM

I have never heard of either of those, so I don't think so.  What I think was the cause was a program called MKVToolnix.  I downloaded and installed it last night.  Even though Avira told me the .exe file was clean, it does not appear to be the case.  Either that, or it is an extreme coincidence that I installed this the same time as the trouble started.

 

I just tried the Norton Rescue disk, but when it runs, it does not detect any Windows installations, so it won't do anything.

 

What I think I need is something I can run from a bootable USB that can detect the drive, clean the infection off of it, and repair the boot sector.  I can't seem to find it. Not sure it exists, but it does seem hard to believe that the drive is unfixable and should be thrown in the garbage.  There must be some kind of tool that can detect it AND get rid of the virus, right?



#6 Grinler

Grinler

    Lawrence Abrams



Posted 03 August 2016 - 02:54 PM

FossHub was hacked yesterday and at least two, Audacity and Classic Shell, were replaced with malware. It's possible this was too.  Automatic repair is not fixing it? To fix you should just be able to fix the MBR and it should boot normally after that.



#7 mcomp72


Posted 03 August 2016 - 03:07 PM

What do you mean when you say "automatic repair"?

 

How do I fix the MBR?  I am pretty clueless when it comes to this stuff.  I have almost never had a problem with viruses and malware.  I'm Googling and trying certain ideas that seem plausible, but no such luck yet.



#8 JohnC_21


Posted 03 August 2016 - 03:07 PM

> I believe the Acronis Recovery version I have is WinPE.  I looked on their website, and it sounds like I would need to go through a lot of steps that I don't understand in order to create a new one with drivers for my drives.
>
> I also tried to repair the drive using Windows 10, so I could then reinstall Acronis and then restore the backup.  The Reset function on Windows 10 would not work.  It gave me the following error: Unable to reset your PC.  A required drive partition is missing.

The link I provided shows you how to create the Linux version. There should be enough drivers on the disk to detect your drives. Select Acronis Bootable Rescue Media instead of WinPE. You may need to disable SecureBoot in your UEFI settings if you have it. If it still refuses to boot then enable Legacy or CSM boot if you have those settings.

 

Edit: MKVToolNix may have been infected. The MBR was overwritten.

 

Some popular apps that have links to FossHub that may be infected include:

Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, IrfanView

 

https://www.reddit.com/r/pcmasterrace/comments/4vw21h/massive_psa_do_not_download_classic_shell_read/


Edited by JohnC_21, 03 August 2016 - 03:15 PM.


#9 mcomp72


Posted 03 August 2016 - 03:19 PM

Thanks, JohnC.  I will try the Linux version.  I have tried Linux versions of other things (Norton Recovery Disc was Linux, for example) and it did not detect the drives.

 

Lawrence, I figured out what you mean when you said "automatic repair".  Unfortunately, when I go into the Advanced menu of Windows Repair (from my Windows 10 USB installer drive), that is not an option for me.  I've attached an image that shows the options I have.  I have tried Startup Repair several times, but that did not fix it.

[Attached image: IMG_3785.jpg]



#10 Allen


Posted 03 August 2016 - 03:44 PM

On the advanced options, click Command Prompt and try running "bootrec.exe /fixmbr" without the quotation marks; that should fix the master boot record.


Hey everyone, I'm Allen. I am a young web developer/designer/programmer. I also help people with computer issues including hardware problems, malware/virus infections and software conflicts. I am a kind and easy to get along with person, so if you need help feel free to ask.
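
Added example (not part of any post in this thread): `bootrec /fixmbr` rewrites the boot code in sector 0 and leaves the existing partition table alone, so whether it can help depends on whether the table survived the overwrite. This Python code triages a 512-byte copy of sector 0 that has already been saved to a file or buffer; the function names, verdict strings and sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE = 446              # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY = "<B3xB3xII"      # status, (CHS skipped), type, (CHS skipped), start LBA, count

def partitions(sector: bytes) -> list:
    """Decode the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    found = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, TABLE + 16 * slot)
        if status or ptype or start or count:
            found.append({"status": status, "type": ptype, "start": start, "count": count})
    return found

def triage(sector: bytes) -> str:
    """Classify sector 0: is the partition table still usable?"""
    parts = partitions(sector)
    if sector[510:] != SIGNATURE or not parts:
        return "table-damaged"
    end = 1  # LBA 0 holds the MBR itself, so no partition may start there
    for p in sorted(parts, key=lambda p: p["start"]):
        bad_flags = p["status"] not in (0x00, 0x80) or p["type"] == 0
        if bad_flags or p["count"] == 0 or p["start"] < end:
            return "table-damaged"  # garbage entry or overlapping partitions
        end = p["start"] + p["count"]
    if any(p["type"] == 0xEE for p in parts):
        return "gpt-protective"     # the real layout lives in the GPT, not here
    return "table-intact"           # a boot-code rewrite is a candidate fix

def make_sector(boot_code: bytes, entries: list, signed: bool = True) -> bytes:
    """Build a constructed sample sector (not a dump from a real disk)."""
    s = bytearray(SECTOR)
    code = boot_code[:440]
    s[:len(code)] = code
    for slot, fields in enumerate(entries):
        struct.pack_into(ENTRY, s, TABLE + 16 * slot, *fields)
    if signed:
        s[510:] = SIGNATURE
    return bytes(s)

# Constructed samples: foreign boot code with the table untouched, a sector
# overwritten end to end, and the protective MBR of a GPT disk.
BOOT_CODE_REPLACED = make_sector(b"\xeb\xfe" * 220, [(0x80, 0x07, 2048, 1024000),
                                                     (0x00, 0x07, 1026048, 498000000)])
FULLY_OVERWRITTEN = b"\x41" * SECTOR
GPT_DISK = make_sector(b"", [(0x00, 0xEE, 1, 0xFFFFFFFF)])
```

A "table-damaged" verdict means the partition layout has to come from a backup or a partition-recovery tool before any boot-code repair is attempted.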

#11 mcomp72


Posted 03 August 2016 - 04:29 PM

Hi Allen.  Thanks for jumping in.  I had actually tried that before and it didn't work, and I started trying all kinds of similar things that I found on various forums (all via the command prompt), and none of them seemed to be working.  I decided I'd try to boot into Linux and completely format the drive.  As I put in the USB drive and rebooted, the computer booted up normally.  I literally have no idea what I did that made it work.  I tried all kinds of commands at the command prompt (including the one you mentioned), so I guess something must have worked.

 

I just scanned my computer with Malwarebytes, and indeed, I was infected by MKVToolNix.  After finishing the scan, it said to reboot the computer to finish removing the infection.  I have done that, and am now running the scan again.

 

I know that some malware can still remain on the computer even if a scan says the computer is clean, so now I am wondering what you all recommend I do to ensure that I have actually gotten rid of the infection 100%?  Run a certain scan in Safe Mode?  Run Norton Recovery from a USB drive and scan the drive that way?

 

Thanks to everyone who's chimed in so far!



#12 JohnC_21


Posted 03 August 2016 - 06:02 PM

I would run HitmanPro. It requires an online connection.



#13 thruster999


Posted 05 August 2016 - 09:46 AM

> FossHub was hacked yesterday and at least two, Audacity and Classic Shell, were replaced with malware. It's possible this was too.  Automatic repair is not fixing it? To fix you should just be able to fix the MBR and it should boot normally after that.


I can confirm that it was mkvtoolnix.

I had the identical thing happen to me. Including the weird smiley at the bottom left corner of the screen.

I ended up doing a full re-install.



